It’s easy to set up, and once you have it in place you’ve just made things much, much harder for folks to abuse. Not impossible; you’re not completely safe. But you are in a better position than you were before.

June 1, 2011

Update: I added the autostart info to the virt module in func and to func-list-vms-per-host’s output.

So now you can do:

func-list-vms-per-host | grep running:0

to find any host which is running but NOT set to autostart

and

func-list-vms-per-host | grep shutdown:1

to find any host which is shutdown but set to autostart.

That will be available in func 0.29 whenever that happens.

Having recently been bitten by this in an ugly way, I hacked up this quick func script to check for this sort of nonsense. I could do it more trivially but I need some minion-side changes to make it easier:

Run this on your hosts. It will only hit hosts which have virtd/xen active on the system and then it will query them for the hosts. It will report if a VM is shutdown currently but is set to autostart on boot. If none are that way then it will output nothing.

I’ve pushed the minion-side changes out to upstream func and I’ll test out a new version of this which does it the opposite way, too: running, but not set to autostart on boot.
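
A local equivalent of the check described above, as an added example that is not the author's func script: it assumes libvirt's `virsh` is available on the hypervisor and covers both directions (shutdown but autostarting, running but not autostarting). The function names and the `state:autostart` output style are assumptions chosen to match the grep patterns above.

```sh
#!/bin/sh
# Added example (not the author's func script): flag libvirt guests whose
# current state disagrees with their autostart flag.
export LC_ALL=C   # keep virsh field names and values unlocalized

# classify NAME: read `virsh dominfo` text on stdin; print a line only on a
# mismatch. The state:autostart token style mirrors the grep patterns on this
# page and is an assumption about presentation, not func's output format.
classify() {
    awk -v name="$1" '
        /^State:/     { sub(/^State:[ \t]+/, ""); state = $0 }
        /^Autostart:/ { flag = ($2 == "enable") ? 1 : 0 }
        END {
            if (state == "running" && flag == 0)       print name, "running:0"
            else if (state == "shut off" && flag == 1) print name, "shutdown:1"
        }'
}

# audit: check every defined guest on the local hypervisor (needs virsh).
audit() {
    virsh list --all --name | while read -r dom; do
        [ -n "$dom" ] || continue
        virsh dominfo "$dom" | classify "$dom"
    done
}

# demo: constructed dominfo samples, so the parser can be tried offline.
demo() {
    printf 'Name:           web1\nState:          shut off\nAutostart:      enable\n' | classify web1
    printf 'Name:           db1\nState:          running\nAutostart:      disable\n' | classify db1
    printf 'Name:           ok1\nState:          running\nAutostart:      enable\n' | classify ok1
}

# Run "sh script.sh --audit" on a hypervisor, or "--demo" anywhere.
case "${1:-}" in
    --audit) audit ;;
    --demo)  demo ;;
esac
```

Guests in other states (paused, crashed) are deliberately not reported; only the two mismatches discussed in the post are.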